Note: This is an archival copy of Security Sun Alert 200015 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000012.1.
Sun Update Connection - System
Solaris 10 Operating System
Date of Resolved Release
Solaris 10 with Sun Update Connection Services, a web proxy password may be visible to unauthorized local users on the affected system and also in the web proxy log files at the web proxy server. In addition, this issue prevents Sun Update Connection from authenticating to the web proxy server.
Sun Acknowledges with thanks Nicholas Brealey of Culham Electromagnetics and Lightning for bringing this issue to our attention.
This issue can occur in the following releases:
Note: This issue occurs only when Sun Update Connection is configured to use a web proxy with password authentication enabled.
Sun Update Connection with proxy authentication enabled does not work. Password may be visible in web proxy log files.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Note: Your web proxy password may have been compromised. It is advisable to change your web proxy password
This solution has no attachment